2013.05.29 18:20 "[Tiff] LibTiff Bug in ChopUpSingleUncompressedStrip", by LaViolette, Alan

I have found an issue in ChopUpSingleUncompressedStrip() located in tif_dirread.c. This function attempts to split up a large single strip image into multiple strips. I believe the issue I am having is it does not reset/change the td->td_stripbufmax value to represent the new size of the size and offset blocks. This causes the code in _TIFFGetByteCount() and _TIFFGetOffset() to incorrectly compute the correct block number (it should now always be 0), It will only work for images with < td_stripbufmax strips, in my case 1024.

Code in _TIFFGetByteCount():

extern uint32
_TIFFGetByteCount(TIFF* tif, tstrip_t strip)
{

      TIFFDirectory *td = &tif->tif_dir;
      int   status = 1;

      uint32      blkno = strip / td->td_stripbufmax;  // Value is not set correctly
      uint32      tdi;

...

Code as it needs to be in ChopUpSingleUncompressedStrip():

td->td_stripbcsbuf = newcounts;
td->td_stripoffsbuf = newoffsets;
td->td_stripbcsblk = 0;
td->td_stripoffsblk = 0;
td->td_stripbytecountsorted = 1;

      td->td_stripbufmax = nstrips;             // New assignment to td_stripbufmax

I have tested this change in my own code base and it is working correctly, but I don't know if it will have any other effects. Also other td_strip* values are not adjusted in ChopUpSingleUncompressedStrip(), is that Ok.

Thanks,
Alan L.